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modal //-calculus. Our purpose here is to give an analysis of the 
concept, starting with the observation that the zig-zag conditions 
are suggestive of some form of continuity. We give a topological 
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//-calculus, developed in recent work of Kwiatkowska et al, and 
its relation to the standard set-theoretic semantics. 
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1 Introduction 


The notion of a bisimulation relation is of basic importance in many ar¬ 
eas of computation theory and logic. In the propositional modal //-calculus, 
if states x and y of labeled transition system (LTS) models DJI and are 
bisimilar, then in their respective models, x and y satisfy all the same sen¬ 
tences of the language of L M . The corresponding properties of bisimulation- 
invariance for other formalisms are also well-studied: e.g. finitary and infini- 
tary polymodal or temporal logics, and fragments of first-order, infinitary, 
and monadic second-order logics (see [8]). 

The background motivation for this paper is the use of bisimulations in 
recent work on the formal analysis and verification of hybrid control systems 
(see [7], [4], and references therein). In that work, the computational model 
is a structure called a hybrid automaton , which is an enrichment of a (real) 
timed automaton. Temporal logic or //-calculus specifications for such systems 
are interpreted with respect to LTS models DJI over states spaces X C Q x 
R”, where Q is a finite set of control modes, and the transition relations 
are of two kinds: continuous evolution for some duration of time according 
to the differential equations modeling a given control mode, and relations 
modeling the effects of discrete jumps between control modes, which may 
be controlled or autonomous. The propositional constants denote sets of 
initial states, guard conditions on the jumps transitions, and goal or desired 
invariant regions of the state space. The systems of interest are those in 
which all the components of the associated LTS model DJI — the state space, 
transition relations and constant sets - are all first-order definable in some 
structure R = (R; <, +, *,0,1,...) over the reals. For definiteness, take R to 
be the real-closed field (which admits elimination of quantifiers), or more 
generally, take R to be an o-minimal structure over R (see [10], [6]). 

Symbolic model checking tools for hybrid and real-time systems such as 
HyTech [7] and KRONOS attempt to compute, for propositional //-calculus 
sentences </j, the value of the denotation || 9 ?|| 9n as a first-order formula in 
the language £(R), building up from the explicit first-order definitions of 
the components of DJI. For purely modal sentences, such a translation is 
straightforward. But for //-sentences, to have a guarantee that the denotation 
||//Z.y|| SJt is a finite union of approximations, one needs to ensure that the 
LTS model DJI has a bisimulation equivalence ~ of finite index. If such is the 
case, the quotient LTS is a finite truth-preserving simulacrum, and finite 
automata representation, of the original system. The construction of a finite 
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bisimulation quotient is the essential ingredient of results on the decidability 
of the reachability problem for a variety of first-order syntactic classes of 
hybrid and timed automata (see [10], and references therein). 

Given their practical and theoretical significance, it behooves us to have 
a closer examination of the concepts involved. 

The remainder of this paper is organized as follows. Section 2 is a review 
of the modal //-calculus and bisimulation relations. In section 3, we give a 
topological characterization of bisimularity for preorders. Section 4 makes 
the connection with algebraic semantics, and section 5 is a brief discussion 
of related research. 


2 Background 

Call a pair ($, 2) consisting of a set $ of propositional constants and a set 2 
of transition (action) labels a modal signature , and let PVar be a fixed set of 
propositional variables. The set of formulas ^>($, 2) in the signature (4>, E) 
of the propositional modal //-calculus is generated by the grammar: 

V? ::= p | Z | -xp | V <p 2 | (a)p | pZ.<p 

for p € Z G PVar, and a £ E, with the proviso that in fiZ.ip, the variable Z 
occur positively, i.e. each occurrence of Z in <p is within the scope of an even 
number of negations. Let <S M ($, E) denote the set of all sentences of E); 

i.e. those without any free variables. The logical constants tt and ff, other 
propositional connectives, dual modal operators [a] and greatest fixed-point 
quantifier are defined in the standard way. For formulas G E), let 

ip[Z := \ji\ denote the result substituting for all free occurrences of Z. By 
renaming bound variables in (p if necessary, we can assume such substitutions 
do not result in the unintended capture of free variables. 

A labeled transition system (LTS ) of signature ($, E) is a structure: 

!BI = (A-,{a”}. €E ,{||p||"W) 

where X ^ 0 is the state space (of arbitrary cardinality); for each transition 
label a 6 2, a m C X x X is a binary relation on X ; and for each atomic 
proposition (observation or event label) p € $, |jp|l £OT C X is a unary relation 
on X. 
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A binary relation or set-valued map r : X Y (i.e. r C X x Y) deter¬ 
mines two pre-image operators : the lower or existential pre-image operator 
<r(r) : V{Y) -4 "P(X) is given by 

a(r)(B) = {x e X \ (3y eY)[(x,y) e r A y € B]} 

= {i G X j r(x) flB/0} 

for B C Y, while the upper or universal pre-image operator r(r) : V(Y) —} 
V(X) is the dual under set-theoretic complement: 

r(r)(B) = -<j{r){-B) = {x e X \ r(x) C B} 

The direct image operator mapping a set A C X to its image in Y under r 
is just <r(r) : 'P(X) -4 V(Y), where r : Y X is the converse relation; in 
particular, the image of a point r(x) = <r(r)({a:}). 

In the standard set-theoretic semantics for the ju-calculus ([9], [14], [13]) 
over LTS models 9Jt, propositional variables range over the full power-set 
algebra 'P(X) of the state space. In the more general algebraic semantics 
of Kwiatkowska and colleagues in [1] and [2], formulas are interpreted with 
respect to modal frames (fUt, .4), where A C V(X) is a modal algebra: a 
Boolean algebra under the Unitary set-theoretic operations, which contains 
each of the observation sets ||p|[ JOT and is closed under each of the pre-image 
operators cr(a m ). We give the standard set-theoretic semantics here, and 
return to the algebraic semantics, and the relationship between the two, in 
Section 4. 

Definition 2.1 Given an LTS model 9Jt = (X, {a OT } ae s, {||p|| an } P 6«) of modal 
signature ($,£), a (propositional, or second-order) variable assignment in VTt 
is any map £ : PVar -4 V(X). Each such assignment £ uniquely extends to 
a denotation map H -]!^ 1 : ^($, S ) -4 'P(X) inductively defined as follows: 


Ibllf 

0 

iiPir 

for 

\\z\\f 

o 

m 

for Z € PVar 

Ihvllf 

o 

x - IMIf 



0 

fellfufellf 


m<p\\? 

o 

(mT) 

for a € S 

bZM\f 

o 

n{^ e nx) i mi” m c a } 
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where for A £ V(X), the variant assignment £( A/Z ) : PVar —>■ V(X) is 
given by: £(A/Z)(W) = £(W) ifW^Z, and £(A/Z)(W) = A if W = Z. 

For formulas tp £ Xn($, E) and assignments £ : PVar —> V(X) in DJI, we 
say: 

• ip is satisfied at state x in (QJt, £), written DJI, £, x N i p, iff x £ Hv^llf 1 / 

• ip is true in (DJl,£), written DJl,£ t= ip, iff ||<p||jP = X; i.e. ip is 
satisfied at all states x in (DJI, £); and 

• tp is true in DJI, written DJI t= ip, iff <p is true in (3JT, £) for all assign¬ 
ments £ in DJI. 

For sentences ip £ <S M ($,S), the denotation ||y>||^ 1 is independent of the 
variable assignment £, and is written ||<p|| OT . So 931 N <p iff DJI, £ 1= ip for any 
assignment £. 

The syntactic restriction on formulas pZ.ip ensures that the operator 
<pf z : V(X) -4 V(X) given by (ipf z ) (A) = \\<p\\f {A/z) is C-monotone. In 

the definition above, ||//Z.<p||^ is defined to be the least pre-fixed-point of 
By the Tarski-Knaster fixed-point theorem for monotone maps on com¬ 
plete lattices, least pre-fixed-points are the same as least fixed-points; thus 
the inclusion can be replaced with equality. The completeness of V(X) as 
a lattice ensures (by the Hitchcock-Park fixed-point theorem) that the set 
\\pZ.ip\\™ may also be characterized as a transfinite union of an C-chain of 
approximations Hp-Z.cpll^ for ordinals a (of cardinality less than or equal 
to that of X), beginning with the empty set, applying the < p™ operator at 
successor ordinals and taking unions at limits. 

Definition 2.2 Given two LTS’s DJI and Dl, with state spaces X and Y 
respectively, a relation X Y is called a bisimulation or zig-zag between 
DJI and 91 iff for x, x' £ X, y, y 1 £ Y and each a £ E and p6$, 


Zig a : 

X 

4 

y 

and 

X 

/ 

- > X 


(3y')[ 

a”, , 

y —>y 

and 

x' =$ 

y'} 







n m 






y'\ 

Zag a : 

X 


y 

and 

y 

— >y' 


(3x')[ 

a . / 
X - > X 

and 

x' 

Up p : 

X 


y 

and 

X 

e Ml* 


y e 

Ml* 




Down,,: 

X 

* 

y 

and 

y 

e Ml* 


x G 

Ml* 
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By symmetry, the converse )p:Y^X will also be a bisimulation between 
91 and 2 71. 

The fundamental bisimulation-invariance property for sentences of the 
//-calculus is the following. 

Proposition 2.3 ([13], §5.3). If=$ is a bisimulation between and 91, then 
for all x G X and y (=.Y, and all sentences y> G <S M ($, E), 

=*- [ *e|Mf «■ yelMP ] 

Proof. The conditions Up p and Down p give the base case of the induc¬ 
tion, for atomic p G $, and the Zig a and Zag a conditions give the induction 
step for the (a) modalities. For //-sentences, one uses the representation of 
\\pZ.(p H 971 as a union of a chain of approximations and proceeds by transfinite 
induction. ■ 

When DJI = 91 and =$= « is also an equivalence relation on X, ~ is called 
a bisimulation equivalence on 97t. In this case, the (single-valued) quotient 
map q : DJI —► 9JT~ is a bisimulation between 971 and the quotient LTS 
DJl~ (well-defined, by the bisimulation conditions). It follows that for each 
sentence G «5 P (4 ) , E), the set ||(^|| OT is a union of equivalence classes. In 
particular, if « is a bisimulation equivalence of finite index, then for each 
fixed-point sentence pZ.ip G <S P (4>, S), the denotation ||//Z.</?|| an is a finite 
union of approximations ||y? n || 9n , where <p° = ff and <^ n+1 = ip[Z := <p n ] for 
n < lo. 


3 Bisimulations and Continuity 

When written out so neatly, the zigzag conditions cry out to be analyzed 
as some variant on the theme of continuity. We observe a nice symmetry in 
subject and object: a preorder ^ is a bisimulation, that is, it respects the 
structural components of an LTS model, exactly when the component tran¬ 
sition relations and observation sets respect it, in the form of its topological 
structure as a preorder. 

Recall that a preorder ^ on a set is a reflexive and transitive binary 
relation. In the modal logic tradition, preorders give the relational Kripke 
semantics for S4 modalities, with cr(^) interpreting O and r(=<l) interpreting 
□. For AC. X, reflexivity gives A C <t(=^)(j 4), and transitivity translates as 
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ct(=<:)<t(^:)(A) C <t(=^)(j 4); dually for r(^). The simplest topological struc¬ 
ture associated with a preorder is its Alexandroff topology. 

From work of McKinsey and Tarski in the 1940’s, S4 also admits a more 
general topological semantics in addition to the (historically later) relational 
Kripke semantics using preorders. The axioms for □ correspond to those of 
an arbitrary topological interior operator int-j-, and dually, O corresponds to 
topological closure. Alexandroff topologies arise when one correlates the two 
semantics (see [3], where they go by the name D-topology, for “digital”). In 
earlier work on hybrid systems [11], Alexandroff spaces arising from finite 
sub-topologies of standard topologies on X C R n (by the name “small” or 
AD-topologies) are used to model the conversion of sensor data into an input 
signal to a finite control automaton ([11], §5). 

For binary relations or set-valued maps, the purely topological notion of 
continuity was introduced by Kuratowski and Bouligand in the 1930’s, and 
generalizes that for single-valued functions (see, for example, [12], §4.4; that 
handbook article is a good source for a review of basic general topology.) 

Definition 3.1 Given a topological space (X,T), let 0(T) = T and C(T) 
denote, respectively, the open and closed sets of T. 


A relation r : (X,T) (Y,5) is 

called: 




lower semi-continuous ( l.s.c .) 

iff 

U € 0(5) 


<r(r)(l7) € O(T) 

upper semi-continuous (u.s.c.) 

iff 

U € 0(5) 


r(r)(C7) e 0(T) 


iff 

C e C(S) 


o-M(C) e C(T) 

continuous 

iff 

both l.s.c. 

and 

u.s.c. 


Let Clop(T) — O(T) flC(T) denote the Boolean algebra (under the finitary 
set-theoretic operations) of clopen subsets of ( X , T). The two semi-continuity 
properties together imply that for every A € Clop(S), we have cr(r)(A) € 
Clop(T). In particular, the domain dom(r) A cr(r)(F) € Clop(T), since 
Y € Clo P {S). 

In the setting of recent work on hybrid control systems, where each of 
the components of an LTS model of a hybrid dynamical system is first-order 
definable in R n (and R 2n for the transition relations) over an o-minimal 
structure R = (R; <, +, •, 0,1,...), the standard subspace topology on X C R n 
is of obvious interest. The “tameness” of the topology in the o-minimal 
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setting ([6]) manifests itself in a finite cell decomposition property , and this 
is the core of a construction of a finite bisimulation equivalence in recent 
decidability results for hybrid systems [10]. Semi-continuity properties of 
the two sorts of transition relation of hybrid LTS models - evolution along 
functionally continuous semi-flows <j >: X x R + —Y X, constrained within an 
invariant set, and reset relations r : X X modeling the effect of switching 
between discrete control modes - are discussed in [4] §4. In the typical case, 
each of the two sorts of transition relation will have as its domain a proper 
subset of X , which is closed but rarely also open. When viewed in metric 
terms, the upper semi-continuity property is particularly attractive. 

Definition 3.2 Given a relation r : X X, we call a set A C X 

• up-r-closed iff <r(r)(A) C. A iff A C r(r)(A); 

• down-r-closed iff <r(r)(A) C A iff AC r(r)(A). 

Let Up(r), Dn(r) C V(X) denote, respectively, the families of all up-r-closed 
and down-r-closed subsets of X. 

In temporal logic or in the topological dynamics of set-valued functions, 
up-r-closed sets AC X are also called positive- or future-invariant under r. 
When r ==$ is a preorder or partial order, it is usually written f A = A. 
Note that for arbitrary r, each of the families Up(r) and Dn(r) are closed 
under both arbitrary unions and arbitrary intersections, since the pre-image 
operators a(r) and r(r) are completely additive and completely multiplicative 
respectively, and we can exploit the duality between r and r. Moreover, the 
two families are duals under complement: A € Up{r) iff —A G Dn(r). Thus 
the family of sets UpDn{r) = Up(r) fl Dn(r) is a complete Boolean algebra. 

In the case of interest, where =<: is a preorder, observe that: A G UpDn (=<:) 
iff <t(»<t(=$:)(A) = A iff <r(^)(A) = A = r(=^)(A) iff A is a (disjoint) 
union of =<:- clusters ; that is, sets C C X such that for all x, y € C, x ^ y (all 
pairs of points in C are mutually ^-accessible). 

Proposition 3.3 Given an LTS QJt = (X, {a an }aeE>{|bl| a,t }pe*)> an d a P re ~ 
order ^ on X, we have for each a € S and p G and all A G 'P(X), 


^ satisfies Zig a 

iff 

A G Up(4) =» cr(a 5OT )(A) G Up(4) 

=<I satisfies Zag a 

iff 

A G Dn(=4) =$> a (a OT )(A) G Dn(^) 

=<: satisfies Up p 

iff 


=<: satisfies Down p 

iff 

|pir « -DnN) 
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Proof. The condition Zig a for =<! is equivalent to the inclusion: oa m C 

a m o where o is relational composition, and this is in turn equivalent to: 

<r(*M £ a(a m W»(A) 

for all A € V(X). Then using the reflexivity of =^, so A € Up(= 4 ) iff A = 
a[y^){A), the stated equivalence follows. For the Zag a condition, replace 
by =<!. The equivalence for Up p and Down p are immediate from Definition 
2 . 2 . ■ 

Given a preorder ^ on X , the Alexandroff topology T 4 determined by =<! 
is the topology on X defined by simply taking T 4 = 0(7, = Up(^) and 
C(7^) = Dn(s$). Thus 7^ is closed under arbitrary intersections as well as 
unions, and for all A C X, 

int^ (A) = r(^)(.A) and clj-^(A) = <r(=^)(A) 

In particular, Clop(T^) = UpDn( is a complete Boolean algebra. The 
topology T 4 has as a basis the collection of all sets B^(x) = < 3 "(^=)({x}) = 
{« e X \ x ^ y}, and B^(x) is the intersection of all open sets in 7 ^ 
containing x. 

More generally, a topology T on X is called Alexandroff if it has the 
property that for every point x 6 X, there is a smallest open set containing 
x . In particular, every finite topology on a (arbitrary) set X is Alexandroff. 
For a preorder =<! on X, the topology T 4 is of course Alexandroff. Going the 
other way, any topology T on X determines a relation ^ 7 - on X, called the 
specialization preorder of T, given by: 

x ^ 7 - y iff (W € T)[ x € U =» y € U] 

Note that =^ 7 - is a partial order exactly when T is To, and is trivial (the 
identity relation) when T is Ti. Alexandroff topologies are those that can 
be completely recovered from their specialization preorder: for any preorder 
on X , ^ 7 ^==^, and if T is Alexandroff, then 7^ r = T. The Alexandroff 
topology on a preordered space can also be seen as a crude cousin of the 
Scott topology 7c on a dcpo (X, C), which satisfies =$ 7 ^=CI; see [ 12 ], §2.4. 

It follows immediately from Proposition 3.3 and Definition 3.1 that if 
(X,T) is an Alexandroff space, then a m : (X,T) {X,T) is l.s.c. with 

respect to T iff =^r satisfies Zig a , and a m is u.s.c. with respect to T iff 
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=^ 7 " satisfies Zag a . The Alexandroff hypothesis is essential for this char¬ 
acterization of lower semi-continuity, but for arbitrary topological spaces 
(X, T), upper semi-continuity implies =^ 7 - satisfies Zag a (in longer words, 
a ® 1 is upper-^ 7 --monotonic); see [12], §4.4. 

We now have our topological characterization of bisimulation preorders. 

Proposition 3.4 Let DJI = be an LTS model and 

let T be an Alexandroff topology X. Then: 

^ 7 - is a bisimulation preorder on DJI 

iff for each a € E, a m : (X , T) (X, T) is continuous, and 

for each p € ||p|| art € Clop{T) 

Moreover, the preorder 

x =$cio P (T) V ^ (VA e Clop(T))[ x e A => y e A] 

includes =^ 7 - and is symmetric, thus an equivalence relation ss ciop(T )• When 
^ 7 - is a bisimulation preorder on DJI, ~ciop(T) I s a bisimulation equivalence. 

The last statement also follows from Proposition 3.3 and Definition 3.1, 
using the fact that Clop(T) = Up(~ciop(T)) — Dn(~ciop(T))- Note that 
although ^ 7 - and ^= 7 - are both bisimulations if either is such, the topological 
equivalence (Stone To quotient) SS 7 - = (^ 7(1 ^= 7 -) can fail to be a bisim¬ 
ulation. If Br{x) = B^ r (x) and Cr{x) = clr({x}) are, respectively, the 
smallest open and the smallest closed sets containing a point x, then under 
ft; 7 -, the equivalence classes are Et(x) = Bj-(x) D C'f(x). In contrast, the 
equivalence class Dci op (T)(x), is the smallest clopen or ^-c/usier containing 
both Bt{x ) and Cq-{x). 

More generally, if ~ is any equivalence relation on X, and 7« is the 
Alexandroff topology of «, then the basic open sets are just the equiv¬ 
alence classes under «, and 7» = Clop(%f) = Up(~) = Dn(tt) is the 
complete Boolean algebra of all unions of equivalence classes. The bisim¬ 
ulation equivalence conditions ZigZag a and UpDn p reduce, respectively, to 
the requirement that the algebra UpDnfzi) be closed under o(a m ), and that 
M” € UpDnfr). 

In the light of our excursion into general topology, we restate the basic 
truth-preservation property of bisimulations from Proposition 2.3. 


10 



Proposition 3.5 Let DR = (X, {a m } ae s, {IMI^hes) an LTS model and 

let be a bisimulation preorder on DJI. 

Then for every sentence <p G S), 

<r«) (iMI® ) = Ml* = r(4) (Ml*) 

hence HI®* € Clop(T 4 ) = UpDn(4). 

The truth-preservation property is: cr(=<:)(||y7|| a71 ) C ||</’|| an C '^(=^)(||<^>|| ^,l ), 
and the reflexivity of ^ gives the rest of the inclusions. 


4 Algebraic semantics for the /^-calculus 

For bisimulation preorders on DJI, the algebras of sets ClopifT^) are of clearly 
of interest since they contain the denotations in QJl of all //-calculus sentences. 
The algebraic perspective on the semantics of the //-calculus is taken up in 
the recent work of Kwiatkowska and colleagues in [1], [2]. The enterprise in 
those papers is to extend the framework of Stone duality for Boolean algebras 
to modal algebras with fixed-points, and in the process, give an algebraic 
completeness proof for Kozen’s axiomatization L p of the //-calculus, using a 
canonical model construction over the space of ultrafilters of the Lindenbaum 
algebra of the logic L M . Their language for the //-calculus contains logical 
constants ff and tt, but no alphabet $ of propositional constants. We make 
the obvious extension. 

Definition 4.1 A structure (.4, {<7 a } oe £, {\\P\\ A } pe $) is called a modal alge¬ 
bra of signature (3>, S), with carrier A, iff 

1. (A', V, A, -1,0,1) is a Boolean algebra, with lattice order 

2. for each p G |[p||^ G A; 

3. for each a G E, cr a : A —t A is a finitely additive and normal operator 
with values in A, 

i.e. for all A,B G A, cr a (A V B) — cr a (A ) V cr a (B) and <x a (0) = 0. 
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For modal formulas <p, the valuation || 9 ?||^ under a variable assignment 
£ : PVar —»• A is defined inductively, analogous to Definition 2.1. 

Such a structure is called a modal //-algebra if for each formula p.Z.p> € 
the monotone operator A i-v has a least pre-fixed-point 

in A, in which case: 

bZ-vWl = A{^ s -4 I \Muaiz) < A ) 

= [\{AZA\ WAua/Z) = •-’} 

Definition 4.2 A modal frame of signature ($,£) is a pair (271, .4) where 
271 = (X, {a OT } oe s, {||p|| 2,l }pe$) is an LTS model and A C V(X) is a (set- 
theoretic) modal algebra for SOT; that is, A is a Boolean algebra under the 
finitary set-theoretic operations, contains each of the sets Uplj® 1 and is closed 
under each of the pre-image operators a(a m ). 

A modal //-frame is a modal frame (271, A) such that A is a modal pi- 
algebra. An LTS 271 can be identified with the modal p-frame (271, V(X)). 

For purely modal formulas ip € ,F($,E), the semantics in (271, V(X)) 
and in any modal frame (271, A) are in agreement: 11^11^ = |M|^ for all 
variable assignments £ : PVar — > A. But in general, they part company on 
//-formulas, since the smallest set in A such that some condition holds will 
in general be larger than the smallest of all subsets of X such that the same 
condition holds. This motivates the following definition. 

Definition 4.3 Given an LTS model 271 and a modal p-algebra A C 'P(X) 
for 27 1, we say the frame (271, A) is in semantic agreement with 271 iff for all 
formulas <p 6 ^,($, £) and all assignments £ in A, we have: ||<p||^ = IMlf*- 

In other words, such algebras A yield the “true” denotation of formulas, 
relative to the standard set-theoretic semantics in 271. In establishing seman¬ 
tic agreement, the point is to show that for assignments £ in A, each set 
||//Z.<p[|^ t is in A‘, the fact that ||//Z.yj||^ n is then the least pre-fixed-point of 

A -+ IM \t(A/z) = IM \f(AIZ) Allows by induction. 

In [1] and [2], modal algebras A C V(X) are thought of as providing 
a clopen basis for a topology Ta on X, inspired by Stone duality. They 
concentrate on algebras A which are perfect and reduced as fields of sets, since 
those conditions characterize (X,Ta) being a Stone space - that is, compact, 
Hausdorff and totally disconnected. In that case, Stone duality gives X = 
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Ult(A), where Ult(A) is the space of ultrafilters of A. They further specialize 
to descriptive modal frames (9JI, A), which have the additional property that 
for each a G S, the relation a m : X X can be recovered from the algebra, 

in the sense that x —>• y iff (VA G A)[ x G r(a rot )(A) => y € A ]. In 
[2] §6, it is established that if (9JI, A) is a descriptive modal //-frame, then 
(971, A) is in semantic agreement with SOT. 

Our analysis of bisimulation preorders leads to an alternative and simpler 
condition for semantic agreement. 

Proposition 4.4 If ^ is a bisimulation preorder on an LTS model 971, then 
(SOT, Clop(T^)) is in semantic agreement with SOT. 

Proof. From Proposition 3.4, CloplfT is a modal algebra for SOI, since it 
contains each ||p|| OT and is closed under a(a m ). The completeness of Clop(T^) 
as a Boolean algebra ensures that it is also a //-algebra, since the relevant pre- 
fixed-points exist in Clop(T^). From Proposition 3.5, for all sentences < p € 
«S M (<I>, £), we have ||</j|| !H € ClopifT^). To prove that G Clop^T^) for all 

formulas ip G ^($,2) and all assignments £ in ClopifT^), one can proceed 
directly by induction on complexity of formulas, exploiting the representation 
of \\pZ.<p\\f as a union of a chain of approximations, as one does in the proof 
of Proposition 2.3. ■ 

The family of standard denotations of sentences gives us the simplest 
modal algebra in semantic agreement. Define 

s? MIMriv’e^E)} 

Then Sj f 1 is clearly a modal //-algebra: an assignment £ in maps variables 
Vi to sets |[V , t || !OT , so for any formula (J,Z.<p G ,F M ($,S), we have ||//Z.</?||^ t = 
|| fiZ.<p[Vi := G S™. Moreover, is the smallest modal //-algebra A 

such that (971, A) is in semantic agreement with 9JT. 

The quest for a bisimulation equivalence of finite index on an LTS model 
971 is often represented (e.g. [7] §3.1; [10] §2) as an algorithm which starts 
with the coarsest partition of the state space that respects the sets ||p|| an , 
so satisfies the conditions UpDn p , then constructs successively finer parti¬ 
tions according to the ZigZag 0 conditions. Algebraically, this amounts to 
generating of a sequence of Boolean algebras Sff for k < u>, where 

S? MIMHv €$*(#, E)} 
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is the finite Boolean algebra of denotations of modal sentences of modal 
degree < k. So is the smallest Boolean algebra generated by Sf 1 U 
{a(a m )(A) | A € Sf 1 }- The algorithm terminates at stage k+l if 5^ = Sf 1 , 
in which case the equivalence relation: 

x y = (VA € Sf)[ xGA y € A ] 

is a finite bisimulation equivalence whose equivalence classes are atoms of 
the algebra and S^ 1 = <Sff*. 


5 Discussion 


Our larger interest is in polymodal extensions of the modal p-calculus as a 
broad logical framework for the formal analysis of hybrid control systems. 
This theme is developed in a companion paper [4]. The idea is to take the 
basic LTS model VJl as a skeleton, and “flesh it out” by imbuing the state 
space with topological, metric tolerance or other structure, and extending 
the ^-calculus accordingly. Using the modal logic S4, we can represent the 
real topology on X as a subspace of R n , and express continuity properties 
of the component transition relations. We can also represent a bisimulation 
preorder =<: on 9Jt, axiomatizing the basic bisimularity conditions by: 


Z%Qd — . 

Zag a = u.s.c.a : 

Up p = open p : 
Drip = closedp : 


{a)DZ ->• D{a)Z 
0(a)Z -5- {a)OZ 
p —>• dp 
Op —>• p 


If in addition, we also want the preorder to preserve the truth and denota¬ 
tion of sentences in the expanded language <S Mi ci(3>, E), then we have to add 
an extra pair of structure-preservation clauses. For preorders, Zig ^ trans¬ 
lates as the condition of weak-directness, given by the scheme O OZ —>■ DOZ, 
and Zag ^ becomes the trivial OO Z —>■ OO Z. The modal logic KTB is that 
of reflexive and symmetric relations, via which we can represent the metric 
tolerance relation of differing by distance e, for particular e > 0. As the logic 
of equivalence relations, S5 is of obvious interest. 

For polymodal extensions of the p-calculus, algebraic semantics and Stone 
duality theory offer an available means to completeness of the proof systems 
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[5]. As noted in [1], a deficiency of Walukiewicz’ direct proof of completeness 
of (see [14]) with respect to the standard set-theoretic semantics is that 
it does not lift to extensions of the logic. 


References 

[1] S. Ambler, M. Z. Kwiatkowska and N. Measor, Duality and the 
Completeness of the Modal //-calculus, Theoretical Computer Science 
151 (1995) 3-27. 

[2] M. M. Bonsangue and M. Z. Kwiatkowska, Re-interpreting the 
modal //-calculus, in A. Ponse et al. (eds.), Modal Logic and Process 
Algebra, CSLI Lecture Notes 53 (CLSI, Stanford, 1995), 65-83. 

[3] J. M. DAVOREN, Modal Logics for Continuous Dynamics, PhD disser¬ 
tation, Department of Mathematics, Cornell University, January 1998. 

[4] J. M. DAVOREN, On Hybrid Systems and the Modal //-Calculus, in P. 
Antsaklis et al. (eds.), Hybrid Systems V, Lecture Notes in Computer 
Science (Springer-Verlag, Berlin). To appear late 1998 or early 1999. 

[5] J. M. DAVOREN, On Continuous Dynamics and Modal Logics, in prepa¬ 
ration. 

[6] L. VAN DEN DRIES, Tame Topology and O-minimal Structures, London 
Mathematical Society Lecture Notes Series 248 (Cambridge University 
Press, 1998). 

[7] T. A. HENZINGER, The Theory of Hybrid Automata, Proceed¬ 
ings of the 11 th Annual Symposium on Logic in Computer Science 
(LICS ’96), 278-292. Extended version available at: http://www- 
cad.eecs.berkeley.edu/~tah/. 

[8] M. J. HOLLENBERG, Logic and Bisimulation, PhD dissertation, De¬ 
partment of Philosophy, Utrecht University, March 1998. 

[9] D. KOZEN, Results on the Propositional //-Calculus, Theoretical Com¬ 
puter Science 27 (1983) 333-354. 


15 



[101 G. Lafferriere, G. J. Pappas and S. Sastry, O-Minimal Hy¬ 
brid Systems, Technical report UCB/ERL M98/29, Dept. EECS, 
University of California at Berkeley, May 1998. Available at: 
http: / / robotics.eecs.berkeley.edu/~gpappas /. 

[11] A. NERODE AND W. Kohn, Models for Hybrid Systems: Automata, 
Topologies, Controllability, Observability, in R. Grossman et al. (eds.), 
Hybrid Systems , Lecture Notes in Computer Science 736 (Springer- 
Verlag, Berlin, 1993), 297-316. 

[12] M. B. SMYTH, Topology, in S. Abramsky et al. (eds.), Handbook of 
Logic in Computer Science Vol. 1 (O.U.P., Oxford, 1992), 641-761. 

[13] C. Stirling, Modal and Temporal Logics, in S. Abramsky et al. (eds.), 
Handbook of Logic in Computer Science Vol. 2 (O.U.P., Oxford, 1992), 
477-563. 

[14] I. WALUKIEWICZ, A Note on the Completeness of Kozen’s Axiomatiza- 
tion of the Propositonal /x-calculus, Bulletin of Symbolic Logic 2 (1996) 
349-366. 


16 



